Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
1793
Views
0
Helpful
5
Replies

How to setup the trunk for private vlans across 2 switches (Both are SF300-24)

peterliu101
Level 1
Level 1

ā€Ž01-26-2015 09:14 PM

Dear All,

I have 2 switches which are SF300-24.

Switch 1 is connected to Internet Router for all clients on swith1 and switch 2.

The clients on switch 1 & switch 2 donā€™t communicate each other.

Port1~Port24 on switch 1 & switch 2 are isolated ports.

Gigaport1 on switch1 is connected to gigaport1 on switch2.  

Gigaport2 on switch2 is connected to Internet Router.

The VLAN 100 is for isolated ports.

The native VLAN is 1.

 

Please help me how to configure the case. Thanks for your help.

1 person had this problem
Labels:
0 Helpful
5 Replies 5

V K Moorthy
Level 1
Level 1

ā€Ž01-26-2015 10:45 PM

Hi,

Configure the Gi1 port of switch1 and switch 2 with Trunk and allow VLAN 1U,100T

 

regards

Moorthy

0 Helpful

peterliu101
Level 1
Level 1
In response to V K Moorthy

ā€Ž01-27-2015 09:19 AM

SF300-24 doesn't support the command "switchport mode private-vlan trunk promiscuous".

 I have a question whether  Normal trunk can carry PVLAN traffic.

0 Helpful

Aleksandra Dargiel
Cisco Employee
Cisco Employee
In response to peterliu101

ā€Ž01-28-2015 01:23 AM

Hi Peter,

You can do it:

ā€¢To allow this, all relevant switches must have the same PVLAN VLAN association
ā€¢The inter switch port(s) between relevant switches must be configure as follows:

Trunk (or general) mode ports

Primary VLAN, Community VLANs and the Isolated VLAN are configured as tagged VLANs on these interfaces

ā€¢This will allow PVLAN traffic to flow as ā€œmarkedā€ VLANs across the switches and will be handled appropriately on PVLAN ports on neighboring switches
 
 
So as per Moorthy suggestion regular trunk on uplink would work as expected.
 
Regards,
Aleksandra
 
0 Helpful

Tom Watts
VIP Alumni
VIP Alumni
In response to Aleksandra Dargiel

ā€Ž01-29-2015 09:12 PM

I think he's just looking for PVE.  You can enabled 'protected port' on a port by port basis.

 

Here's the excerpt from the admin guide.

 

Protected Port
ā€”Select to make this a protected port. (A protected port is
also referred as a Private VLAN Edge (PVE).) The features of a protected port
are as follows:
-
Protected Ports provide Layer 2 isolation between interfaces (Ethernet
ports and LAGs) that share the same VLAN.
-
Packets received from protected ports can be forwarded only to
unprotected egress ports. Protected port filtering rules are also applied
to packets that are forwarded by software, such as snooping
applications.
-
Port protection is not subject to VLAN membership. Devices connected
to protected ports are not allowed to communicate with each other, even
if they are members of the same VLAN.
-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/
0 Helpful

mohdilyasali
Level 1
Level 1

ā€Ž08-26-2015 10:35 PM

above mentioned issued has been same , error also coming %BOOTP_DHCP_CL-I-DHCPRENEWED: The device has been renewed the configuration on interface Vlan 1 , IP 10.20.20.1, mask 255.255.255.0, DHCP server 10.20.20.100

could you please help to sort out issue...

one more can access web page of switch but not showing all option and switches avaliable in branch so far i wants access from head office and it is reachable...

 

this is my email : mohdilyas_ali@yahoo.co.in

adv thanks

 

0 Helpful
Customers Also Viewed These Support Documents